Announcements. CS243: Discrete Structures. More on Cryptography and Mathematical Induction. Agenda for Today. Cryptography

Similar documents
Public Key Cryptography: RSA and Lots of Number Theory

Public Key Cryptography and RSA. Review: Number Theory Basics

Discrete Mathematics, Chapter 4: Number Theory and Cryptography

The application of prime numbers to RSA encryption

Computing exponents modulo a number: Repeated squaring

Lecture 13 - Basic Number Theory.

An Introduction to the RSA Encryption Method

RSA Encryption. Tom Davis October 10, 2003

CSCE 465 Computer & Network Security

Number Theory. Proof. Suppose otherwise. Then there would be a finite number n of primes, which we may

Overview of Public-Key Cryptography

Mathematical Induction. Lecture 10-11

Mathematics of Internet Security. Keeping Eve The Eavesdropper Away From Your Credit Card Information

The science of encryption: prime numbers and mod n arithmetic

The Mathematics of the RSA Public-Key Cryptosystem

Math 319 Problem Set #3 Solution 21 February 2002

Math 55: Discrete Mathematics

U.C. Berkeley CS276: Cryptography Handout 0.1 Luca Trevisan January, Notes on Algebra

CIS 5371 Cryptography. 8. Encryption --

Primes in Sequences. Lee 1. By: Jae Young Lee. Project for MA 341 (Number Theory) Boston University Summer Term I 2009 Instructor: Kalin Kostadinov

1. The RSA algorithm In this chapter, we ll learn how the RSA algorithm works.

Cryptography and Network Security Department of Computer Science and Engineering Indian Institute of Technology Kharagpur

Secure Network Communication Part II II Public Key Cryptography. Public Key Cryptography

Lecture 13: Factoring Integers

Lecture 6 - Cryptography

Digital Signatures. Prof. Zeph Grunschlag

Cryptography and Network Security Chapter 9

Shor s algorithm and secret sharing

Principles of Public Key Cryptography. Applications of Public Key Cryptography. Security in Public Key Algorithms

Software Tool for Implementing RSA Algorithm

WRITING PROOFS. Christopher Heil Georgia Institute of Technology

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

RSA and Primality Testing

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Homework until Test #2

Sample Induction Proofs

LUC: A New Public Key System

Computer Security: Principles and Practice

Cryptography: Authentication, Blind Signatures, and Digital Cash

Solutions for Practice problems on proofs

CS 103X: Discrete Structures Homework Assignment 3 Solutions

Breaking The Code. Ryan Lowe. Ryan Lowe is currently a Ball State senior with a double major in Computer Science and Mathematics and

Applications of Fermat s Little Theorem and Congruences

mod 10 = mod 10 = 49 mod 10 = 9.

Reading 13 : Finite State Automata and Regular Expressions

8 Primes and Modular Arithmetic

Cryptography and Network Security

Advanced Cryptography

COMP 250 Fall 2012 lecture 2 binary representations Sept. 11, 2012

3. Mathematical Induction

A Factoring and Discrete Logarithm based Cryptosystem

RSA Attacks. By Abdulaziz Alrasheed and Fatima

How To Know If A Message Is From A Person Or A Machine

Lukasz Pater CMMS Administrator and Developer

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

SECTION 10-2 Mathematical Induction

1 Digital Signatures. 1.1 The RSA Function: The eth Power Map on Z n. Crypto: Primitives and Protocols Lecture 6.

= = 3 4, Now assume that P (k) is true for some fixed k 2. This means that

Cryptography and Network Security

Theorem3.1.1 Thedivisionalgorithm;theorem2.2.1insection2.2 If m, n Z and n is a positive

Mathematical Induction

MATH 168: FINAL PROJECT Troels Eriksen. 1 Introduction

CSE373: Data Structures and Algorithms Lecture 3: Math Review; Algorithm Analysis. Linda Shapiro Winter 2015

Public Key (asymmetric) Cryptography

MATH10040 Chapter 2: Prime and relatively prime numbers

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Some practice problems for midterm 2

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

SECURITY IMPROVMENTS TO THE DIFFIE-HELLMAN SCHEMES

Notes on Network Security Prof. Hemant K. Soni

CHAPTER 5. Number Theory. 1. Integers and Division. Discussion

CS 758: Cryptography / Network Security

Factoring & Primality

Clock Arithmetic and Modular Systems Clock Arithmetic The introduction to Chapter 4 described a mathematical system

Network Security. Chapter 2 Basics 2.2 Public Key Cryptography. Public Key Cryptography. Public Key Cryptography

MATH 13150: Freshman Seminar Unit 10

Lecture Note 5 PUBLIC-KEY CRYPTOGRAPHY. Sourav Mukhopadhyay

QUANTUM COMPUTERS AND CRYPTOGRAPHY. Mark Zhandry Stanford University

Computer Networks. Network Security 1. Professor Richard Harris School of Engineering and Advanced Technology

Automata and Formal Languages

Introduction. Appendix D Mathematical Induction D1

An Introduction to RSA Public-Key Cryptography

CSC474/574 - Information Systems Security: Homework1 Solutions Sketch

Maths delivers! A guide for teachers Years 11 and 12. RSA Encryption

8 Divisibility and prime numbers

Section IV.1: Recursive Algorithms and Recursion Trees

HOMEWORK 5 SOLUTIONS. n!f n (1) lim. ln x n! + xn x. 1 = G n 1 (x). (2) k + 1 n. (n 1)!

K80TTQ1EP-??,VO.L,XU0H5BY,_71ZVPKOE678_X,N2Y-8HI4VS,,6Z28DDW5N7ADY013

Introduction to Hill cipher

Cryptography and Network Security Chapter 8

SIMS 255 Foundations of Software Design. Complexity and NP-completeness

MATH 537 (Number Theory) FALL 2016 TENTATIVE SYLLABUS

Math Circle Beginners Group October 18, 2015

Solutions to Problem Set 1

Elements of Applied Cryptography Public key encryption

1 Domain Extension for MACs

A short primer on cryptography

The Prime Numbers. Definition. A prime number is a positive integer with exactly two positive divisors.

1 Signatures vs. MACs

Transcription:

Announcements CS43: Discrete Structures More on Cryptography and Mathematical Induction Işıl Dillig Class canceled next Thursday I am out of town Homework 4 due Oct instead of next Thursday (Oct 18) Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 1/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction /47 Agenda for Today Cryptography Cryptography is the study of techniques for secure transmission of information in the presence of adversaries Talk about RSA algorithm for public-key cryptography Start discussion of mathematical induction Will spend lectures on mathematical induction How can Alice send secrete messages to Bob without Eve being able to read them? Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 3/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 4/47 Private vs. Public Crypto Systems RSA History Two different kinds of cryptography systems: 1. Private (secret) key cryptography. Public key cryptography In private key cryptography, sender and receiver agree on secret key that both use to encrypt/decrypt the message In public key crytography, a public key is used to encrypt the message, and private key is used to decrypt the message Modern systems use puiblic key crypto, best known public key encryption algorithm is RSA algorithm Named after its inventors Rivest, Shamir, and Adlemann, all researchers at MIT (1978) Actually, similar system invented earlier by British researcher Clifford Cocks, but classified unknown until 90 s Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 5/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 6/47 1

RSA Overview Bob has two keys: public and private Everyone knows Bob s public key, but only he knows his private key Alice encrypts message using Bob s public key Bob decrypts message using private key Public key can encrypt, but not decrypt Therefore, noone can read message accept Bob High Level Math Behind RSA In the RSA system, private key consists of two very large prime numbers p, q Public key consists of a number n, which is the product of p, q and another number e e is a number relatively prime with (p 1)(q 1) (φ(n), Euler s totient function, which gives number of integers n and relatively prime with n) Encrypt messages using n, e, but to decrypt, must know p, q In theory, can extract p, q from n using prime factorization, but this is intractable for very large numbers Security of RSA relies on inherent computational difficulty of prime factorization Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 7/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 8/47 Encryption in RSA Encryption Example Encrypt message STOP using RSA with n = 537, e = 13 To send message to Bob, Alice first represents message as a sequence of numbers Call this number representing message M Alice then uses Bob s public key n, e to perform encryption as: C is called the ciphertext C = M e (mod n) First convert each letter to a number in [0, 5]: S = 18, T = 19, O = 14, P = 15 Group sequence into blocks of 4 digits: M = 1819 1415 Now encrypt each block as C = M 13 (mod 537) For first block, 1819 13 (mod 537) = 081; for second block 1415 13 (mod 537) = 18 Ciphertext: 081 18 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 9/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 10/47 RSA Decryption RSA Decryption, cont. How do we decrypt cipher text using private keys p, q? Decryption key d is the inverse of e modulo (p 1)(q 1): d e 1 (mod(p 1)(q 1)) As we saw earlier, inverse of e mod (p 1)(q 1) can be computed reasonably efficiently if we know (p 1)(q 1) However, since adversaries do not know p, q, they cannot compute d with reasonable computational effort! Using the Chinese remainder theorem and another theorem called Fermat s Little Theorem, it can be shown that: (M e ) d M (mod n) Since the ciphertext C is just M e, C d (mod n) allows decrypting the message Since Bob can compute d using p, q, Bob can easily decrypt message, but no one else can! Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 11/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 1/47

Decryption Example Decrypt the cipher text 0981 0461 for the RSA cipher with p = 43, q = 59, and e = 13. First we need to compute d, the inverse of e modulo (p 1)(q 1) Here, (p 1)(q 1) = 436; thus solve: 13x 1 (mod 436) To solve this, first compute s, t such that: 13s + 436t = 1 Apply extended Euclidian algorithm: s = 937, t = 5 Example, cont. Decrypt 0981 0461 using p = 43, q = 59, n = 537, and e = 13. To solve 13x 1 (mod 436), computed s = 937, t = 5 Recall: Solution to this sytem is given by: x = sb d + m d u where u Z Here, s = 937, b, d = 1, m = 436, thus solution: e = 937 0981 937 (mod 537) = 0704; 0461 937 (mod 537) = 1115 Thus, decrypted message is 0704 1115, or in English, HELP Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 13/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 14/47 Security of RSA The encryption function used in RSA is a trapdoor function Trapdoor function is easy to compute in one direction, but very difficult in reverse direction without additional knowledge Encryption direction is easy because just requires exponentiation and mod Decryption without private key is very hard because requires prime factorization Therefore, security of RSA depends on difficulty of prime factorization Security of RSA, cont. However, as computers get more powerful and factorization algorithms better, possible to factor larger and larger integers Therefore, over time, necessary to use larger and larger prime numbers to ensure secure communication For quantum computing, there are very efficient algorithms for computing prime factors (Shor s algorithm) If we could build quantum computers with sufficient qubits, RSA would no longer be secure! However, today, RSA is considered secure if you use sufficiently large prime numbers (> 00 digits) Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 15/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 16/47 Book Recommendation Introduction to Mathematical Induction Many mathematical theorems assert that a property holds for all natural numbers, odd positive integers, etc. If you are interested in (history of) cryptography, read The Code Book by Simon Singh! Mathematical induction: very important proof technique for proving such universally quantified statements Induction will come up over and over again in other classes: algorithms, programming languages, automata theory,... Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 17/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 18/47 3

Analogy Mathematical Induction Suppose we have an infinite ladder, and we know two things: 1. We can reach the first rung of the ladder. If we reach a particular rung, then we can also reach the next rung From these two facts, can we conclude we can reach every step of the infinite ladder? Answer is yes, and mathematical induction allows us to make arguments like this Used to prove statements of the form x Z +. P(x) An inductive proof has two steps: 1. Base case: Prove that P(1) is true. Inductive step: Prove n Z +. P(n) P(n + 1) Induction says if you can prove (1) and (), you can conclude: x Z +. P(x) Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 19/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 0/47 Inductive Hypothesis In the inductive step, need to show: n Z +. P(n) P(n + 1) To prove this, we assume P(n) holds, and based on this assumption, prove P(n + 1) The assumption that P(n) holds is called the inductive hypothesis Example 1 Prove the following statement by induction: n n Z + (n)(n + 1). i = Base case: n = 1. In this case, 1 the base case holds. i = 1 and (1)(1+1) = 1; thus, Inductive step: By the inductive hypothesis, we assume P(k): k i = Now, we want to show P(k + 1): i = (k)(k + 1) (k + 1)(k + ) Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 1/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction /47 Example 1, cont. First, observe: i = k i + (k + 1) By the inductive hypothesis, k i = (k)() ; thus: i = (k)(k + 1) + (k + 1) Example Prove the following statement for all non-negative integers n: n i = n+1 1 i=0 Since need to show for all n 0, base case is P(0), not P(1)! Base case (n = 0): 0 = 1 = 1 1 Rewrite left hand side as: i = k + 3k + = (k + 1)(k + ) Since we proved both base case and inductive step, property holds. Inductive step: k i = i + i=0 i=0 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 3/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 4/47 4

Example, cont. k i = i + i=0 i=0 By the inductive hypothesis, we have: k i = 1 Therefore: Rewrite as: i=0 i = 1 + i=0 i = 1+ = k+ 1 i=0 Example 3 Prove that n < n for all positive integers n Base case (n=0): 0 < 0 Inductive step: Need to show k + 1 < assuming k < k From the inductive hypothesis, we know k + 1 < k + 1 Since 1 k for k Z +, this implies k + 1 < k + k Thus, k + 1 < k = Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 5/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 6/47 Example 4 Example 5 Prove that n < n! for all integers n 4 Base case (n=4): 4 = 16 < 4 = 4! Inductive step: By the inductive hypothesis, we know k < k! Multiply both sides by : k < k! Since k 4, < k + 1, therefore: < (k + 1)k! = (k + 1)! Prove that 3 (n 3 n) for all positive integers n. Base case (n=1): 3 (0 = 1 3 1) Inductive step: Show 3 (k + 1) 3 (k + 1) assuming 3 k 3 k First, rewrite (k + 1) 3 (k + 1) as k 3 + 3k + 3k + 1 k 1 = (k 3 k) + 3(k + k) By the inductive hypothesis, 3 (k + k); and also 3 3(k + k) By Thm from earlier, it follows that 3 (k 3 k + 3(k + k)) Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 7/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 8/47 Example 6 Example 6, cont. We can also use induction to prove results about sets. Use induction to prove generalized DeMorgan s law for sets: Inductive step: k A j = ( A j ) A n n A j = A j for n We ll prove this by induction on the number of sets Base case (n=): A 1 A = A 1 A We already proved this earlier! Now, using De Morgan s law, rewrite left hand side: k A j = ( A j ) A From inductive hypothesis, we have ( k A j ) = k A j, thus: A j = k A j A = A j Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 9/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 30/47 5

Correctness of Induction Strong Induction Why is induction a valid proof technique? Suppose we can prove the base case and inductive step, but n.p(n) does not hold for positive integers. There must be a least element k for which P(k) doesn t hold. Two possibilities: Either (i) k = 1 or (ii) k (i) k cannot be 1 because we proved P(1) in base case (ii) Since k is the least element, we know P(k 1) holds But, in the inductive step we proved P(k 1) P(k); thus, P(k) must also hold! Slight variation on the inductive proof technique is strong induction Regular and strong induction only differ in the inductive step Regular induction: assume P(k) holds and prove P(k + 1) Strong induction: assume P(1), P(),.., P(k); prove P(k + 1) Regular induction and strong induction are equivalent, but strong induction can sometimes make proofs easier Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 31/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 3/47 Motivation for Strong Induction Proof Using Strong Induction Prove that if n is an integer greater than 1, then it is either a prime or can be written as the product of primes. Let s first try to prove the property using regular induction. Base case (n=): Since is a prime number, P() holds. Inductive step: Assume k is either a prime or the product of primes. But this doesn t really help us prove the property about k + 1! Claim is proven much easier using strong induction! Prove that if n is an integer greater than 1, then it is either a prime or can be written as the product of primes. Base case: same as before. Inductive step: Assume each of, 3,..., k is either prime or product of primes. Now, we want to prove the same thing about k + 1 Two cases: k is either (i) prime or (ii) composite If it is prime, property holds. Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 33/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 34/47 Proof, cont. A Word about Base Cases If composite, k + 1 can be written as pq where p, q k By the IH, p, q are either primes or product of primes. Thus, k + 1 can also be written as product of primes Observe: Much easier to prove this property using strong induction! In all examples so far, we had only one base case i.e., only proved the base case for one integer In some inductive proofs, there may be multiple base cases i.e., prove base case for the first k numbers In the latter case, inductive step only needs to consider numbers greater than k Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 35/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 36/47 6

Example Prove that every integer n 1 can be written as n = 4a + 5b for some non-negative integers a, b. Proof by strong induction on n and consider 4 base cases Base case 1 (n=1): 1 = 3 4 + 0 5 Base case (n=13): 13 = 4 + 1 5 Base case 3 (n=14): 14 = 1 4 + 5 Base case 4 (n=15): 15 = 0 4 + 3 5 Example, cont. Prove that every integer n 1 can be written as n = 4a + 5b for some non-negative integers a, b. Inductive hypothesis: Suppose every 1 i k can be written as i = 4a + 5b. Inductive step: We want to show k + 1 can also be written this way for k + 1 16 Observe: k + 1 = (k 3) + 4 By the inductive hypothesis, k 3 = 4a + 5b for some a, b because k 3 1 But then, k + 1 can be written as 4(a + 1) + 5b Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 37/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 38/47 Recursive Definitions In some cases, it is easier to define objects/functions in terms of themselves rather than directly Such definitions are called recursive definitions Picture below is defined recursively because each picture containts a smaller version of itself Recursive Definitions in Math Recursive definitions come up a lot in discrete math For example, consider the following sequence: 1, 3, 9, 7, 81,... This sequence can be defined recursively as follows: a 0 = 1 a n = 3 a n 1 First part called base case; second part called recursive step Very similar to induction; in fact, recursive definitions sometimes also called inductive definitions Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 39/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 40/47 Recursively Defined Functions Recursive Definition Examples Just like sequences, functions can also be defined recursively Example: What is f (1)? What is f ()? What is f (3)? f (0) = 3 f (n + 1) = f (n) + 3 (n 1) Consider f (n) = n + 1 where n is non-negative integer What s a recursive definition for f? Consider the sequence 1, 4, 9, 16,... What is a recursive definition for this sequence? Recursive definition of function defined as f (n) = n i? Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 41/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 4/47 7

Recursive Definitions of Important Functions Inductive Proofs for Recursively Defined Structures Some important functions/sequences defined recursively Factorial function: f (1) = 1 f (n) = n f (n 1) (n ) Fibonacci numbers: 1,, 3, 5, 8, 13, 1,... a 1 = 1 a = a n = a n 1 + a n (n 3) Recursive definitions and inductive proofs are very similar Natural to use induction to prove properties about recursively defined structures (sequences, functions etc.) Just like there can be multiple bases cases in inductive proofs, there can be multiple base cases in recursive definitions Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 43/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 44/47 Example Let f n denote the n th element of the Fibonacci sequence Prove: For n 3, f n > α n where α = 1+ 5 Proof is by strong induction on n with two base cases Intuition 1: Definition of f n has two base cases Intuition : Recursive step uses f n 1, f n strong induction Base case 1 (n=3): f 3 =, and α <, thus f 3 > α Base case (n=4): f 4 = 3 and α = (3+ 5) < 3 Example, cont. Prove: For n 3, f n > α n where α = 1+ 5 Inductive step: Assuming property holds for f i where 3 i k, need to show f > α k 1 First, rewrite α k 1 as α α k 3 α is equal to 1 + α because: α = ( 1 + ) 5 5 + 3 = = α + 1 Thus, α k 1 = (α + 1)(α k 3 ) = α k α k 3 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 45/47 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 46/47 Example, cont. α k 1 = α k α k 3 By recursive definition, we know f = f k + f k 1 Furthermore, by inductive hypothesis: f k > α k f k 1 > α k 3 Therefore, f > α k α k 3 = α k 1 Işıl Dillig, CS43: Discrete Structures More on Cryptography and Mathematical Induction 47/47 8

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information